Hacker News new | comments | show | ask | jobs | submit login
Show HN: A Chrome extension for getting to the HN thread for the current page (mfairley.com)
12 points by michaelfairley on Sept 6, 2011 | hide | past | web | favorite | 4 comments




There are some security and privacy issues with that extension. It requires permission to run javascript in the context of every page, so the author could auto-update the plugin to inject malicious code in your banking session.

It also sends every url you visit to HNSearch, which a lot of people were unhappy with from a privacy perspective. My extension sends MD5(url), which makes it nearly impossible for me to track someones browsing behavior.


"My extension sends MD5(url), which makes it nearly impossible for me to track someones browsing behavior."

You're kidding, right? In order to tell if there is a HN thread about the page, you also MD5(url) all HN threads. If you find a match, you send the thread to the user. Therefore, you know the user is visiting the url the HN thread is about!

Let's not even talk about how cheap it is to test for MD5 collisions against popular urls, or the how easy it is to determine if the user has visited an arbitrary url.


very nice. This is something I'm very interested in. I even wrote something like it which uses a bookmarklet, though I believe browser extensions are the way to go.

http://omnigeist.com/ https://github.com/mwhooker/omnigeist.js

It was mostly a vehicle for me to learn coffeescript & node.js, so it's got some rough edges.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: